ATT&CK IDATT&CK Technique Name
T1001Data Obfuscation
T1001.001Junk Data
T1001.002Steganography
T1001.003Protocol or Service Impersonation
T1002Data Compressed
T1003OS Credential Dumping
T1003.001LSASS Memory
T1003.002Security Account Manager
T1003.003NTDS
T1003.004LSA Secrets
T1003.005Cached Domain Credentials
T1003.006DCSync
T1003.007Proc Filesystem
T1003.008/etc/passwd and /etc/shadow
T1004Winlogon Helper DLL
T1005Data from Local System
T1006Direct Volume Access
T1007System Service Discovery
T1008Fallback Channels
T1009Binary Padding
T1010Application Window Discovery
T1011Exfiltration Over Other Network Medium
T1011.001Exfiltration Over Bluetooth
T1012Query Registry
T1013Port Monitors
T1014Rootkit
T1015Accessibility Features
T1016System Network Configuration Discovery
T1016.001Internet Connection Discovery
T1016.002Wi-Fi Discovery
T1017Application Deployment Software
T1018Remote System Discovery
T1019System Firmware
T1020Automated Exfiltration
T1020.001Traffic Duplication
T1021Remote Services
T1021.001Remote Desktop Protocol
T1021.002SMB/Windows Admin Shares
T1021.003Distributed Component Object Model
T1021.004SSH
T1021.005VNC
T1021.006Windows Remote Management
T1021.007Cloud Services
T1021.008Direct Cloud VM Connections
T1022Data Encrypted
T1023Shortcut Modification
T1024Custom Cryptographic Protocol
T1025Data from Removable Media
T1026Multiband Communication
T1027Obfuscated Files or Information
T1027.001Binary Padding
T1027.002Software Packing
T1027.003Steganography
T1027.004Compile After Delivery
T1027.005Indicator Removal from Tools
T1027.006HTML Smuggling
T1027.007Dynamic API Resolution
T1027.008Stripped Payloads
T1027.009Embedded Payloads
T1027.010Command Obfuscation
T1027.011Fileless Storage
T1027.012LNK Icon Smuggling
T1027.013Encrypted/Encoded File
T1027.014Polymorphic Code
T1027.015Compression
T1027.016Junk Code Insertion
T1027.017SVG Smuggling
T1028Windows Remote Management
T1029Scheduled Transfer
T1030Data Transfer Size Limits
T1031Modify Existing Service
T1032Standard Cryptographic Protocol
T1033System Owner/User Discovery
T1034Path Interception
T1035Service Execution
T1036Masquerading
T1036.001Invalid Code Signature
T1036.002Right-to-Left Override
T1036.003Rename Legitimate Utilities
T1036.004Masquerade Task or Service
T1036.005Match Legitimate Resource Name or Location
T1036.006Space after Filename
T1036.007Double File Extension
T1036.008Masquerade File Type
T1036.009Break Process Trees
T1036.010Masquerade Account Name
T1036.011Overwrite Process Arguments
T1037Boot or Logon Initialization Scripts
T1037.001Logon Script (Windows)
T1037.002Login Hook
T1037.003Network Logon Script
T1037.004RC Scripts
T1037.005Startup Items
T1038DLL Search Order Hijacking
T1039Data from Network Shared Drive
T1040Network Sniffing
T1041Exfiltration Over C2 Channel
T1042Change Default File Association
T1043Commonly Used Port
T1044File System Permissions Weakness
T1045Software Packing
T1046Network Service Discovery
T1047Windows Management Instrumentation
T1048Exfiltration Over Alternative Protocol
T1048.001Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1048.002Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003Exfiltration Over Unencrypted Non-C2 Protocol
T1049System Network Connections Discovery
T1050New Service
T1051Shared Webroot
T1052Exfiltration Over Physical Medium
T1052.001Exfiltration over USB
T1053Scheduled Task/Job
T1053.001At (Linux) Execution
T1053.002At
T1053.003Cron
T1053.004Launchd
T1053.005Scheduled Task
T1053.006Systemd Timers
T1053.007Container Orchestration Job
T1054Indicator Blocking
T1055Process Injection
T1055.001Dynamic-link Library Injection
T1055.002Portable Executable Injection
T1055.003Thread Execution Hijacking
T1055.004Asynchronous Procedure Call
T1055.005Thread Local Storage
T1055.008Ptrace System Calls
T1055.009Proc Memory
T1055.011Extra Window Memory Injection
T1055.012Process Hollowing
T1055.013Process Doppelgänging
T1055.014VDSO Hijacking
T1055.015ListPlanting
T1056Input Capture
T1056.001Keylogging
T1056.002GUI Input Capture
T1056.003Web Portal Capture
T1056.004Credential API Hooking
T1057Process Discovery
T1058Service Registry Permissions Weakness
T1059Command and Scripting Interpreter
T1059.001PowerShell
T1059.002AppleScript
T1059.003Windows Command Shell
T1059.004Unix Shell
T1059.005Visual Basic
T1059.006Python
T1059.007JavaScript
T1059.008Network Device CLI
T1059.009Cloud API
T1059.010AutoHotKey & AutoIT
T1059.011Lua
T1059.012Hypervisor CLI
T1060Registry Run Keys / Startup Folder
T1061Graphical User Interface
T1062Hypervisor
T1063Security Software Discovery
T1064Scripting
T1065Uncommonly Used Port
T1066Indicator Removal from Tools
T1067Bootkit
T1068Exploitation for Privilege Escalation
T1069Permission Groups Discovery
T1069.001Local Groups
T1069.002Domain Groups
T1069.003Cloud Groups
T1070Indicator Removal
T1070.001Clear Windows Event Logs
T1070.002Clear Linux or Mac System Logs
T1070.003Clear Command History
T1070.004File Deletion
T1070.005Network Share Connection Removal
T1070.006Timestomp
T1070.007Clear Network Connection History and Configurations
T1070.008Clear Mailbox Data
T1070.009Clear Persistence
T1070.010Relocate Malware
T1071Application Layer Protocol
T1071.001Web Protocols
T1071.002File Transfer Protocols
T1071.003Mail Protocols
T1071.004DNS
T1071.005Publish/Subscribe Protocols
T1072Software Deployment Tools
T1073DLL Side-Loading
T1074Data Staged
T1074.001Local Data Staging
T1074.002Remote Data Staging
T1075Pass the Hash
T1076Remote Desktop Protocol
T1077Windows Admin Shares
T1078Valid Accounts
T1078.001Default Accounts
T1078.002Domain Accounts
T1078.003Local Accounts
T1078.004Cloud Accounts
T1079Multilayer Encryption
T1080Taint Shared Content
T1081Credentials in Files
T1082System Information Discovery
T1083File and Directory Discovery
T1084Windows Management Instrumentation Event Subscription
T1085Rundll32
T1086PowerShell
T1087Account Discovery
T1087.001Local Account
T1087.002Domain Account
T1087.003Email Account
T1087.004Cloud Account
T1088Bypass User Account Control
T1089Disabling Security Tools
T1090Proxy
T1090.001Internal Proxy
T1090.002External Proxy
T1090.003Multi-hop Proxy
T1090.004Domain Fronting
T1091Replication Through Removable Media
T1092Communication Through Removable Media
T1093Process Hollowing
T1094Custom Command and Control Protocol
T1095Non-Application Layer Protocol
T1096NTFS File Attributes
T1097Pass the Ticket
T1098Account Manipulation
T1098.001Additional Cloud Credentials
T1098.002Additional Email Delegate Permissions
T1098.003Additional Cloud Roles
T1098.004SSH Authorized Keys
T1098.005Device Registration
T1098.006Additional Container Cluster Roles
T1098.007Additional Local or Domain Groups
T1099Timestomp
T1100Web Shell
T1101Security Support Provider
T1102Web Service
T1102.001Dead Drop Resolver
T1102.002Bidirectional Communication
T1102.003One-Way Communication
T1103AppInit DLLs
T1104Multi-Stage Channels
T1105Ingress Tool Transfer
T1106Native API
T1107File Deletion
T1108Redundant Access
T1109Component Firmware
T1110Brute Force
T1110.001Password Guessing
T1110.002Password Cracking
T1110.003Password Spraying
T1110.004Credential Stuffing
T1111Multi-Factor Authentication Interception
T1112Modify Registry
T1113Screen Capture
T1114Email Collection
T1114.001Local Email Collection
T1114.002Remote Email Collection
T1114.003Email Forwarding Rule
T1115Clipboard Data
T1116Code Signing
T1117Regsvr32
T1118InstallUtil
T1119Automated Collection
T1120Peripheral Device Discovery
T1121Regsvcs/Regasm
T1122Component Object Model Hijacking
T1123Audio Capture
T1124System Time Discovery
T1125Video Capture
T1126Network Share Connection Removal
T1127Trusted Developer Utilities Proxy Execution
T1127.001MSBuild
T1127.002ClickOnce
T1127.003JamPlus
T1128Netsh Helper DLL
T1129Shared Modules
T1130Install Root Certificate
T1131Authentication Package
T1132Data Encoding
T1132.001Standard Encoding
T1132.002Non-Standard Encoding
T1133External Remote Services
T1134Access Token Manipulation
T1134.001Token Impersonation/Theft
T1134.002Create Process with Token
T1134.003Make and Impersonate Token
T1134.004Parent PID Spoofing
T1134.005SID-History Injection
T1135Network Share Discovery
T1136Create Account
T1136.001Local Account
T1136.002Domain Account
T1136.003Cloud Account
T1137Office Application Startup
T1137.001Office Template Macros
T1137.002Office Test
T1137.003Outlook Forms
T1137.004Outlook Home Page
T1137.005Outlook Rules
T1137.006Add-ins
T1138Application Shimming
T1139Bash History
T1140Deobfuscate/Decode Files or Information
T1141Input Prompt
T1142Keychain
T1143Hidden Window
T1144Gatekeeper Bypass
T1145Private Keys
T1146Clear Command History
T1147Hidden Users
T1148HISTCONTROL
T1149LC_MAIN Hijacking
T1150Plist Modification
T1151Space after Filename
T1152Launchctl
T1153Source
T1154Trap
T1155AppleScript
T1156Malicious Shell Modification
T1157Dylib Hijacking
T1158Hidden Files and Directories
T1159Launch Agent
T1160Launch Daemon
T1161LC_LOAD_DYLIB Addition
T1162Login Item
T1163Rc.common
T1164Re-opened Applications
T1165Startup Items
T1166Setuid and Setgid
T1167Securityd Memory
T1168Local Job Scheduling
T1169Sudo
T1170Mshta
T1171LLMNR/NBT-NS Poisoning and Relay
T1172Domain Fronting
T1173Dynamic Data Exchange
T1174Password Filter DLL
T1175Component Object Model and Distributed COM
T1176Software Extensions
T1176.001Browser Extensions
T1176.002IDE Extensions
T1177LSASS Driver
T1178SID-History Injection
T1179Hooking
T1180Screensaver
T1181Extra Window Memory Injection
T1182AppCert DLLs
T1183Image File Execution Options Injection
T1184SSH Hijacking
T1185Browser Session Hijacking
T1186Process Doppelgänging
T1187Forced Authentication
T1188Multi-hop Proxy
T1189Drive-by Compromise
T1190Exploit Public-Facing Application
T1191CMSTP
T1192Spearphishing Link
T1193Spearphishing Attachment
T1194Spearphishing via Service
T1195Supply Chain Compromise
T1195.001Compromise Software Dependencies and Development Tools
T1195.002Compromise Software Supply Chain
T1195.003Compromise Hardware Supply Chain
T1196Control Panel Items
T1197BITS Jobs
T1198SIP and Trust Provider Hijacking
T1199Trusted Relationship
T1200Hardware Additions
T1201Password Policy Discovery
T1202Indirect Command Execution
T1203Exploitation for Client Execution
T1204User Execution
T1204.001Malicious Link
T1204.002Malicious File
T1204.003Malicious Image
T1204.004Malicious Copy and Paste
T1205Traffic Signaling
T1205.001Port Knocking
T1205.002Socket Filters
T1206Sudo Caching
T1207Rogue Domain Controller
T1208Kerberoasting
T1209Time Providers
T1210Exploitation of Remote Services
T1211Exploitation for Defense Evasion
T1212Exploitation for Credential Access
T1213Data from Information Repositories
T1213.001Confluence
T1213.002Sharepoint
T1213.003Code Repositories
T1213.004Customer Relationship Management Software
T1213.005Messaging Applications
T1214Credentials in Registry
T1215Kernel Modules and Extensions
T1216System Script Proxy Execution
T1216.001PubPrn
T1216.002SyncAppvPublishingServer
T1217Browser Information Discovery
T1218System Binary Proxy Execution
T1218.001Compiled HTML File
T1218.002Control Panel
T1218.003CMSTP
T1218.004InstallUtil
T1218.005Mshta
T1218.007Msiexec
T1218.008Odbcconf
T1218.009Regsvcs/Regasm
T1218.010Regsvr32
T1218.011Rundll32
T1218.012Verclsid
T1218.013Mavinject
T1218.014MMC
T1218.015Electron Applications
T1219Remote Access Tools
T1219.001IDE Tunneling
T1219.002Remote Desktop Software
T1219.003Remote Access Hardware
T1220XSL Script Processing
T1221Template Injection
T1222File and Directory Permissions Modification
T1222.001Windows File and Directory Permissions Modification
T1222.002Linux and Mac File and Directory Permissions Modification
T1223Compiled HTML File
T1480Execution Guardrails
T1480.001Environmental Keying
T1480.002Mutual Exclusion
T1482Domain Trust Discovery
T1483Domain Generation Algorithms
T1484Domain or Tenant Policy Modification
T1484.001Group Policy Modification
T1484.002Trust Modification
T1485Data Destruction
T1485.001Lifecycle-Triggered Deletion
T1486Data Encrypted for Impact
T1487Disk Structure Wipe
T1488Disk Content Wipe
T1489Service Stop
T1490Inhibit System Recovery
T1491Defacement
T1491.001Internal Defacement
T1491.002External Defacement
T1492Stored Data Manipulation
T1493Transmitted Data Manipulation
T1494Runtime Data Manipulation
T1495Firmware Corruption
T1496Resource Hijacking
T1496.001Compute Hijacking
T1496.002Bandwidth Hijacking
T1496.003SMS Pumping
T1496.004Cloud Service Hijacking
T1497Virtualization/Sandbox Evasion
T1497.001System Checks
T1497.002User Activity Based Checks
T1497.003Time Based Evasion
T1498Network Denial of Service
T1498.001Direct Network Flood
T1498.002Reflection Amplification
T1499Endpoint Denial of Service
T1499.001OS Exhaustion Flood
T1499.002Service Exhaustion Flood
T1499.003Application Exhaustion Flood
T1499.004Application or System Exploitation
T1500Compile After Delivery
T1501Systemd Service
T1502Parent PID Spoofing
T1503Credentials from Web Browsers
T1504PowerShell Profile
T1505Server Software Component
T1505.001SQL Stored Procedures
T1505.002Transport Agent
T1505.003Web Shell
T1505.004IIS Components
T1505.005Terminal Services DLL
T1505.006vSphere Installation Bundles
T1506Web Session Cookie
T1514Elevated Execution with Prompt
T1518Software Discovery
T1518.001Security Software Discovery
T1519Emond
T1522Cloud Instance Metadata API
T1525Implant Internal Image
T1526Cloud Service Discovery
T1527Application Access Token
T1528Steal Application Access Token
T1529System Shutdown/Reboot
T1530Data from Cloud Storage
T1531Account Access Removal
T1534Internal Spearphishing
T1535Unused/Unsupported Cloud Regions
T1536Revert Cloud Instance
T1537Transfer Data to Cloud Account
T1538Cloud Service Dashboard
T1539Steal Web Session Cookie
T1542Pre-OS Boot
T1542.001System Firmware
T1542.002Component Firmware
T1542.003Bootkit
T1542.004ROMMONkit
T1542.005TFTP Boot
T1543Create or Modify System Process
T1543.001Launch Agent
T1543.002Systemd Service
T1543.003Windows Service
T1543.004Launch Daemon
T1543.005Container Service
T1546Event Triggered Execution
T1546.001Change Default File Association
T1546.002Screensaver
T1546.003Windows Management Instrumentation Event Subscription
T1546.004Unix Shell Configuration Modification
T1546.005Trap
T1546.006LC_LOAD_DYLIB Addition
T1546.007Netsh Helper DLL
T1546.008Accessibility Features
T1546.009AppCert DLLs
T1546.010AppInit DLLs
T1546.011Application Shimming
T1546.012Image File Execution Options Injection
T1546.013PowerShell Profile
T1546.014Emond
T1546.015Component Object Model Hijacking
T1546.016Installer Packages
T1546.017Udev Rules
T1547Boot or Logon Autostart Execution
T1547.001Registry Run Keys / Startup Folder
T1547.002Authentication Package
T1547.003Time Providers
T1547.004Winlogon Helper DLL
T1547.005Security Support Provider
T1547.006Kernel Modules and Extensions
T1547.007Re-opened Applications
T1547.008LSASS Driver
T1547.009Shortcut Modification
T1547.010Port Monitors
T1547.011Plist Modification
T1547.012Print Processors
T1547.013XDG Autostart Entries
T1547.014Active Setup
T1547.015Login Items
T1548Abuse Elevation Control Mechanism
T1548.001Setuid and Setgid
T1548.002Bypass User Account Control
T1548.003Sudo and Sudo Caching
T1548.004Elevated Execution with Prompt
T1548.005Temporary Elevated Cloud Access
T1548.006TCC Manipulation
T1550Use Alternate Authentication Material
T1550.001Application Access Token
T1550.002Pass the Hash
T1550.003Pass the Ticket
T1550.004Web Session Cookie
T1552Unsecured Credentials
T1552.001Credentials In Files
T1552.002Credentials in Registry
T1552.003Bash History
T1552.004Private Keys
T1552.005Cloud Instance Metadata API
T1552.006Group Policy Preferences
T1552.007Container API
T1552.008Chat Messages
T1553Subvert Trust Controls
T1553.001Gatekeeper Bypass
T1553.002Code Signing
T1553.003SIP and Trust Provider Hijacking
T1553.004Install Root Certificate
T1553.005Mark-of-the-Web Bypass
T1553.006Code Signing Policy Modification
T1554Compromise Host Software Binary
T1555Credentials from Password Stores
T1555.001Keychain
T1555.002Securityd Memory
T1555.003Credentials from Web Browsers
T1555.004Windows Credential Manager
T1555.005Password Managers
T1555.006Cloud Secrets Management Stores
T1556Modify Authentication Process
T1556.001Domain Controller Authentication
T1556.002Password Filter DLL
T1556.003Pluggable Authentication Modules
T1556.004Network Device Authentication
T1556.005Reversible Encryption
T1556.006Multi-Factor Authentication
T1556.007Hybrid Identity
T1556.008Network Provider DLL
T1556.009Conditional Access Policies
T1557Adversary-in-the-Middle
T1557.001LLMNR/NBT-NS Poisoning and SMB Relay
T1557.002ARP Cache Poisoning
T1557.003DHCP Spoofing
T1557.004Evil Twin
T1558Steal or Forge Kerberos Tickets
T1558.001Golden Ticket
T1558.002Silver Ticket
T1558.003Kerberoasting
T1558.004AS-REP Roasting
T1558.005Ccache Files
T1559Inter-Process Communication
T1559.001Component Object Model
T1559.002Dynamic Data Exchange
T1559.003XPC Services
T1560Archive Collected Data
T1560.001Archive via Utility
T1560.002Archive via Library
T1560.003Archive via Custom Method
T1561Disk Wipe
T1561.001Disk Content Wipe
T1561.002Disk Structure Wipe
T1562Impair Defenses
T1562.001Disable or Modify Tools
T1562.002Disable Windows Event Logging
T1562.003Impair Command History Logging
T1562.004Disable or Modify System Firewall
T1562.006Indicator Blocking
T1562.007Disable or Modify Cloud Firewall
T1562.008Disable or Modify Cloud Logs
T1562.009Safe Mode Boot
T1562.010Downgrade Attack
T1562.011Spoof Security Alerting
T1562.012Disable or Modify Linux Audit System
T1563Remote Service Session Hijacking
T1563.001SSH Hijacking
T1563.002RDP Hijacking
T1564Hide Artifacts
T1564.001Hidden Files and Directories
T1564.002Hidden Users
T1564.003Hidden Window
T1564.004NTFS File Attributes
T1564.005Hidden File System
T1564.006Run Virtual Instance
T1564.007VBA Stomping
T1564.008Email Hiding Rules
T1564.009Resource Forking
T1564.010Process Argument Spoofing
T1564.011Ignore Process Interrupts
T1564.012File/Path Exclusions
T1564.013Bind Mounts
T1564.014Extended Attributes
T1565Data Manipulation
T1565.001Stored Data Manipulation
T1565.002Transmitted Data Manipulation
T1565.003Runtime Data Manipulation
T1566Phishing
T1566.001Spearphishing Attachment
T1566.002Spearphishing Link
T1566.003Spearphishing via Service
T1566.004Spearphishing Voice
T1567Exfiltration Over Web Service
T1567.001Exfiltration to Code Repository
T1567.002Exfiltration to Cloud Storage
T1567.003Exfiltration to Text Storage Sites
T1567.004Exfiltration Over Webhook
T1568Dynamic Resolution
T1568.001Fast Flux DNS
T1568.002Domain Generation Algorithms
T1568.003DNS Calculation
T1569System Services
T1569.001Launchctl
T1569.002Service Execution
T1569.003Systemctl
T1570Lateral Tool Transfer
T1571Non-Standard Port
T1572Protocol Tunneling
T1573Encrypted Channel
T1573.001Symmetric Cryptography
T1573.002Asymmetric Cryptography
T1574Hijack Execution Flow
T1574.001DLL
T1574.002DLL Side-Loading
T1574.004Dylib Hijacking
T1574.005Executable Installer File Permissions Weakness
T1574.006Dynamic Linker Hijacking
T1574.007Path Interception by PATH Environment Variable
T1574.008Path Interception by Search Order Hijacking
T1574.009Path Interception by Unquoted Path
T1574.010Services File Permissions Weakness
T1574.011Services Registry Permissions Weakness
T1574.012COR_PROFILER
T1574.013KernelCallbackTable
T1574.014AppDomainManager
T1578Modify Cloud Compute Infrastructure
T1578.001Create Snapshot
T1578.002Create Cloud Instance
T1578.003Delete Cloud Instance
T1578.004Revert Cloud Instance
T1578.005Modify Cloud Compute Configurations
T1580Cloud Infrastructure Discovery
T1583Acquire Infrastructure
T1583.001Domains
T1583.002DNS Server
T1583.003Virtual Private Server
T1583.004Server
T1583.005Botnet
T1583.006Web Services
T1583.007Serverless
T1583.008Malvertising
T1584Compromise Infrastructure
T1584.001Domains
T1584.002DNS Server
T1584.003Virtual Private Server
T1584.004Server
T1584.005Botnet
T1584.006Web Services
T1584.007Serverless
T1584.008Network Devices
T1585Establish Accounts
T1585.001Social Media Accounts
T1585.002Email Accounts
T1585.003Cloud Accounts
T1586Compromise Accounts
T1586.001Social Media Accounts
T1586.002Email Accounts
T1586.003Cloud Accounts
T1587Develop Capabilities
T1587.001Malware
T1587.002Code Signing Certificates
T1587.003Digital Certificates
T1587.004Exploits
T1588Obtain Capabilities
T1588.001Malware
T1588.002Tool
T1588.003Code Signing Certificates
T1588.004Digital Certificates
T1588.005Exploits
T1588.006Vulnerabilities
T1588.007Artificial Intelligence
T1589Gather Victim Identity Information
T1589.001Credentials
T1589.002Email Addresses
T1589.003Employee Names
T1590Gather Victim Network Information
T1590.001Domain Properties
T1590.002DNS
T1590.003Network Trust Dependencies
T1590.004Network Topology
T1590.005IP Addresses
T1590.006Network Security Appliances
T1591Gather Victim Org Information
T1591.001Determine Physical Locations
T1591.002Business Relationships
T1591.003Identify Business Tempo
T1591.004Identify Roles
T1592Gather Victim Host Information
T1592.001Hardware
T1592.002Software
T1592.003Firmware
T1592.004Client Configurations
T1593Search Open Websites/Domains
T1593.001Social Media
T1593.002Search Engines
T1593.003Code Repositories
T1594Search Victim-Owned Websites
T1595Active Scanning
T1595.001Scanning IP Blocks
T1595.002Vulnerability Scanning
T1595.003Wordlist Scanning
T1596Search Open Technical Databases
T1596.001DNS/Passive DNS
T1596.002WHOIS
T1596.003Digital Certificates
T1596.004CDNs
T1596.005Scan Databases
T1597Search Closed Sources
T1597.001Threat Intel Vendors
T1597.002Purchase Technical Data
T1598Phishing for Information
T1598.001Spearphishing Service
T1598.002Spearphishing Attachment
T1598.003Spearphishing Link
T1598.004Spearphishing Voice
T1599Network Boundary Bridging
T1599.001Network Address Translation Traversal
T1600Weaken Encryption
T1600.001Reduce Key Space
T1600.002Disable Crypto Hardware
T1601Modify System Image
T1601.001Patch System Image
T1601.002Downgrade System Image
T1602Data from Configuration Repository
T1602.001SNMP (MIB Dump)
T1602.002Network Device Configuration Dump
T1606Forge Web Credentials
T1606.001Web Cookies
T1606.002SAML Tokens
T1608Stage Capabilities
T1608.001Upload Malware
T1608.002Upload Tool
T1608.003Install Digital Certificate
T1608.004Drive-by Target
T1608.005Link Target
T1608.006SEO Poisoning
T1609Container Administration Command
T1610Deploy Container
T1611Escape to Host
T1612Build Image on Host
T1613Container and Resource Discovery
T1614System Location Discovery
T1614.001System Language Discovery
T1615Group Policy Discovery
T1619Cloud Storage Object Discovery
T1620Reflective Code Loading
T1621Multi-Factor Authentication Request Generation
T1622Debugger Evasion
T1647Plist File Modification
T1648Serverless Execution
T1649Steal or Forge Authentication Certificates
T1650Acquire Access
T1651Cloud Administration Command
T1652Device Driver Discovery
T1653Power Settings
T1654Log Enumeration
T1656Impersonation
T1657Financial Theft
T1659Content Injection
T1665Hide Infrastructure
T1666Modify Cloud Resource Hierarchy
T1667Email Bombing
T1668Exclusive Control
T1669Wi-Fi Networks
T1671Cloud Application Integration
T1672Email Spoofing
T1673Virtual Machine Discovery
T1674Input Injection
T1675ESXi Administration Command

total count: 823